centos 7 安裝fail2ban

Fail2ban可以防止惡意的一些try attach，當try太多次時，會主動阻檔

記得要先yum upgrade , yum update

1.先增加EPLE (Extra Packages for Enterprise Linux)

1	sudo yum install epel–release

2.安裝fail2ban

1	sudo yum install fail2ban

3.設定啟動時開啟fail2ban (fail2ban start on boot)

1	sudo systemctl enable fail2ban

4.啟動fail2ban

1	sudo systemctl start fail2ban

就完成安裝了，再來需要做一些預設值的設定

1	sudo nano /etc/fail2ban/jail.local

把下面內容貼上，就可以使用基本的fail2ban 防止惡意測試ssh登入了

也可以直接修改/etc/fail2ban/jail.conf

[DEFAULT]

# Ban hosts for one hour:

ignoreip = 127.0.0.1/8

bantime = 86400

findtime = 600

maxretry = 5

# Override /etc/fail2ban/jail.d/00-firewalld.conf:

# if you use iptables firewall use this one

# banaction = iptables-multiport

# if you use firewalld firewall use this one

banaction = firewallcmd–ipset

action = %(action_mwl)s

[sshd]

enabled = true

filter = sshd

port = 22

action = %(action_mwl)s

logpath = /var/log/secure

有些指令可以知道fail2ban目前執行的狀態

1	sudo fail2ban–client status

1	sudo fail2ban–client status sshd

log檔可以到/var/log/fail2ban.log查看

WONGCW 網誌